[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] ff4 app

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ff4 app
From: t0hitsugu <tohitsugu@xxxxxxxxx>
Date: Mon, 2 May 2011 12:08:06 -0700

Not much of a find, but the firefox4 app for android transmits your google
accounts email/password in plain text when receiving an email from the gmail
application service. This is viewable with the DOM-inspector add-on, and can
also be seen by anyone using wireshark, ettercap, etc.

Still, not much of a (new) risk imo, seeing as you have to already be  on
the users network to sniff the packets.

posted a picture here, as I didnt know where else to:
http://img861.imageshack.us/img861/6466/ff4e.png

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ff4 app
  - From: Daniel Llewellyn

Prev by Date: Re: [Full-disclosure] Stuxnet
Next by Date: Re: [Full-disclosure] Musn'tlive
Previous by thread: Re: [Full-disclosure] Covert Backdoor in is All BSD {free, net, open, dragon, pc, (un)trusted}
Next by thread: Re: [Full-disclosure] ff4 app
Index(es):
- Date
- Thread